
Re: [OT] rkhunter and chrootkit messages



* Peter Jordan <usernetwork@gmx.info> wrote:
> Hello,
> 
> I ran rkhunter and chrootkit on my desktop machine and got the
> following messages:
> 
> rkhunter:
> 
> Scanning for hidden files...  [ Warning! ]
> -----------------------------------------------------------------
> 
> Found warnings:
> [14:41:42] WARNING, found:  /etc/.java (directory)  /dev/.udev
> (directory)  /dev/.static (directory)
> 
> chrootkit:
> 
> The following suspicious files and directories were found:
> /usr/lib/jvm/.java-gcj.jinfo
> /usr/lib/firefox/.autoreg
> /lib/init/rw/.ramfs
> /lib/modules/fglrx/build_mod/2.6.x/.tmp_versions
> /lib/modules/fglrx/build_mod/2.6.x/.firegl_public.o.cmd
> /lib/modules/fglrx/build_mod/2.6.x/.fglrx.o.cmd
> /lib/modules/fglrx/build_mod/2.6.x/.fglrx.mod.o.cmd
> /lib/modules/fglrx/build_mod/2.6.x/.fglrx.ko.cmd
> /lib/modules/fglrx/build_mod/2.6.x/.tmp_versions

These are false positives, see

,----[ /usr/share/doc/chkrootkit/README.FALSE-POSITIVES ]-
| the hidden files issue continues to crop up now and again.  basically,
| if chkrootkit sees a hidden file (a file that begins with .) under
| /usr/lib, it flags it as suspicious.  there are various packages that
| contain these hidden files and they are innocuous.  however, it appears
| that arbitrary hidden files under /usr/lib is a sign of a rootkit, so,
| again, it's the safe vs sorry argument
`----

>/usr/lib/security/

Nothing bad either:
$# dlocate /usr/lib/security/
libgcj-common: /usr/lib/security/classpath.security

> Warning: `' is linked to another file

That doesn't tell me anything for now; run chkrootkit by hand and
check which test produces this message.

The sniffer message comes from the DHCP client and is fine.


Regards
Jens
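
The package-ownership check used in the reply above, applied to a whole scanner report; this is an added example, not part of the original message or of either tool. It assumes a Debian system, uses `dpkg -S` in place of `dlocate`, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: triage hidden-file warnings by Debian package ownership.
# Function names are hypothetical; dpkg -S stands in for the dlocate lookup.

# Pull absolute paths with a dot-prefixed component out of scanner output.
# Limitation: paths containing whitespace are split and will be missed.
extract_hidden_paths() {
    tr -s '[:space:]' '\n' | grep '^/' | grep -E '/\.[^/]' | sort -u
}

# Print the package owning PATH; return non-zero if no package claims it.
owner_of() {
    pkg=$(dpkg -S "$1" 2>/dev/null | head -n 1 | sed 's/: .*//')
    [ -n "$pkg" ] && printf '%s\n' "$pkg"
}

# Read scanner output on stdin; emit "status<TAB>package<TAB>path" lines.
# "unpackaged" only means dpkg does not know the file (build artefacts and
# runtime directories land here too), so those need a manual look.
triage() {
    extract_hidden_paths | while IFS= read -r path; do
        if pkg=$(owner_of "$path"); then
            printf 'packaged\t%s\t%s\n' "$pkg" "$path"
        else
            printf 'unpackaged\t-\t%s\n' "$path"
        fi
    done
}

# Sample input: lines copied from the report quoted in this thread.
sample_report() {
    cat <<'EOF'
[14:41:42] WARNING, found:  /etc/.java (directory)  /dev/.udev (directory)
The following suspicious files and directories were found:
/usr/lib/jvm/.java-gcj.jinfo
/usr/lib/firefox/.autoreg
/lib/modules/fglrx/build_mod/2.6.x/.tmp_versions
/lib/modules/fglrx/build_mod/2.6.x/.tmp_versions
EOF
}

# Run the demo with: sh triage.sh --demo
if [ "${1:-}" = "--demo" ]; then
    sample_report | triage
fi
```

On a live system the scanner output can be piped straight in, for example `chkrootkit 2>&1 | triage` after sourcing the functions.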


